package idmclient
import (
"golang.org/x/net/context"
"gopkg.in/macaroon-bakery.v2/bakery/identchecker"
)
// Identity represents an IDM identity. It embeds identchecker.ACLIdentity
// and adds methods for determining the username and enquiring about groups.
//
// Note that currently the Id method just returns the user
// name, but client code should not rely on it doing that - eventually
// it will return an opaque user identifier rather than the user name.
// Callers that need the user name should call Username and treat the
// value returned by Id as opaque.
type Identity interface {
identchecker.ACLIdentity
// Username returns the user name of the user.
Username() (string, error)
// Groups returns all the groups that the user is a member of.
//
// Note: use of this method should be avoided if possible, as a user may
// potentially be in huge numbers of groups.
Groups() ([]string, error)
}
// Compile-time assertion that *identity satisfies the Identity interface.
var _ Identity = (*identity)(nil)
// identity is this package's implementation of Identity. It pairs a user
// name with the Client used to answer group and ACL queries for it.
type identity struct {
// client supplies the permChecker used by Groups and Allow. Both methods
// test client.permChecker for nil before using it, but neither tests
// client itself, so client must be non-nil.
client *Client
// username is the value returned by Username and, currently, by Id.
username string
}
// Username implements Identity.Username.
//
// It returns the user name stored in the identity; the returned error is
// always nil.
func (id *identity) Username() (string, error) {
	name := id.username
	return name, nil
}
// Groups implements Identity.Groups.
//
// The lookup is delegated to the group cache of the client's permChecker.
// When the client has no permChecker the result is (nil, nil), so a nil
// slice with a nil error does not distinguish "user is in no groups" from
// "group lookup is not configured". Callers making access decisions should
// not read an empty result as proof that the user has no group memberships.
func (id *identity) Groups() ([]string, error) {
	checker := id.client.permChecker
	if checker == nil {
		// No permission checker configured: no group information available.
		return nil, nil
	}
	return checker.cache.Groups(id.username)
}
// Allow implements Identity.Allow.
//
// It reports whether the user is allowed by acl. With a permChecker
// configured on the client, the decision (and any error) comes from
// permChecker.Allow. Without one, no group information is available and only
// the cases that trivialAllow can decide are handled; that path never
// returns an error.
//
// ctx is not used by this implementation.
func (id *identity) Allow(ctx context.Context, acl []string) (bool, error) {
	if checker := id.client.permChecker; checker != nil {
		return checker.Allow(id.username, acl)
	}
	// No groups - just implement the trivial cases.
	// NOTE(review): the second result of trivialAllow is deliberately
	// discarded; trivialAllow is defined elsewhere, so confirm that the first
	// result is false whenever the ACL cannot be decided without groups.
	allowed, _ := trivialAllow(id.username, acl)
	return allowed, nil
}
// Id implements Identity.Id.
//
// It currently returns the user name unchanged. Callers should treat the
// value as an opaque identifier and call Username when the user name itself
// is required.
func (id *identity) Id() string {
	ident := id.username
	return ident
}
// Domain implements Identity.Domain.
//
// This implementation always returns the empty string.
func (id *identity) Domain() string {
	const noDomain = ""
	return noDomain
}